Here is PowerShell script that adds a particular user or a group to all the workspaces in a tenant.
The Where-Object method filters the workspaces to be just Active ones and the ones that are not MyWorkspace of every user.
After that ForEach-Object Method iterates the result of Where-Object and adds the user by invoking Add-PowerBIWorkspaceUser method and uses the ID from the currently iterated object.
Login-PowerBIServiceAccount
$UserEmail = "abx@xyz.onmicrosoft.com"
$AccessType = "Admin"
Get-PowerBIWorkspace -Scope Organization -WarningAction Ignore |
`Where-Object {
$_.State -eq "Active" -and $_.Type -eq "Workspace"
} |
` ForEach-Object {
$Workspace = $_
Add-PowerBIWorkspaceUser -Scope Organization -WarningAction Ignore `
-Id $Workspace.Id`
-UserPrincipalName $UserEmail `
-AccessRight $AccessType
Write-Host "Loaded Workspace and added user ($UserEmail) to Workspace = $($Workspace.Name), ID = $($Workspace.ID)"
}
Once I had the access to all workspaces I wanted to add a Secruity group to each workspace instead of individual users.
$Body = '{
"identifier": "29e3c3d2-b18e-46e9-92d2-dc03d2780a4e",
"groupUserAccessRight": "Admin",
"principalType": "Group"
}'
$ErrorActionPreference = "Stop"
Get-PowerBIWorkspace -Scope Organization |
`Where-Object {
$_.State -eq "Active" -and $_.Type -eq "Workspace"
} |
` ForEach-Object {
$Workspace = $_
try{Invoke-PowerBIRestMethod -Method POST -Url "https://api.powerbi.com/v1.0/myorg/groups/$($Workspace.Id)/users" -Body $Body}
catch{
$message = $_.Exception.InnerException.Message| ConvertFrom-Json
if($message.code -eq "AddingAlreadyExistsGroupUserNotSupportedError"){
Write-Host -Foreground Red -Background Black "Group or User already exists"
}
}
}
Once the Security group is added I can remove myself from each workspace using:
$UserEmail = "abc@.onmicrosoft.com"
Get-PowerBIWorkspace -Scope Organization |
`Where-Object {
$_.State -eq "Active" -and $_.Type -eq "Workspace"
} |
` ForEach-Object {
$Workspace = $_
Remove-PowerBIWorkspaceUser -Scope Organization `
-Id $Workspace.Id `
-UserPrincipalName $UserEmail
Write-Host "Removed $($UserEmail) from Workspace $($Workspace.Name)"
}
Complete code:
Login-PowerBIServiceAccount
# ================================================
# Add a user to all workspaces:
# ================================================
$UserEmail = "abc@xyz.onmicrosoft.com"
$AccessType = "Admin"
Get-PowerBIWorkspace -Scope Organization -WarningAction Ignore |
`Where-Object {
$_.State -eq "Active" -and $_.Type -eq "Workspace"
} |
` ForEach-Object {
$Workspace = $_
Add-PowerBIWorkspaceUser -Scope Organization -WarningAction Ignore `
-Id $Workspace.Id `
-UserPrincipalName $UserEmail `
-AccessRight $AccessType
Write-Host "Loaded Workspace and added user ($UserEmail) to Workspace = $($Workspace.Name), ID = $($Workspace.ID)"
}
# ================================================
# Add a Security Group
# ================================================
$Body = '{
"identifier": "29e3c3d2-b18e-46e9-92d2-dc03d2780a4e", # Group Object ID get it from Azure
"groupUserAccessRight": "Admin",
"principalType": "Group"
}'
$ErrorActionPreference = "Stop"
Get-PowerBIWorkspace -Scope Organization |
`Where-Object {
$_.State -eq "Active" -and $_.Type -eq "Workspace"
} |
` ForEach-Object {
$Workspace = $_
try{
Invoke-PowerBIRestMethod -Method POST `
-Url "https://api.powerbi.com/v1.0/myorg/groups/$($Workspace.Id)/users"`
-Body $Body
}
catch{
$message = $_.Exception.InnerException.Message | ConvertFrom-Json
if($message.code -eq "AddingAlreadyExistsGroupUserNotSupportedError"){
Write-Host -Foreground Red `
-Background Black `
"Group or User already exists"
}
}
}
# ================================================
# Remove a user from all workspaces
# ================================================
Get-PowerBIWorkspace -Scope Organization |
`Where-Object {
$_.State -eq "Active" -and $_.Type -eq "Workspace"
} |
` ForEach-Object {
$Workspace = $_
Remove-PowerBIWorkspaceUser -Scope Organization `
-Id $Workspace.Id `
-UserPrincipalName $UserEmail
Write-Host "Removed $($UserEmail) from Workspace $($Workspace.Name)"
}